In External Authentication Server, third-party authentication servers can be configured, including LDAP, RADIUS, and POP3.
6.6.3.3.1.1 LDAP Server
On the Policies > Authentication > User Authentication > External Auth Server page, click Add and select LDAP Server. On the Add LDAP Server dialog box, enter the name of the server.
In Basic Settings, fill in the server's IP address, authentication port, timeout, and Base DN (the path on the server under which the users are located).
Basic Settings:
IP Address: Enter the address of the LDAP server that the AC connects to.
Port: Port connecting to the LDAP server. For example, if the AD domain does not enable SSL/TLS encryption, the port is 389 by default.
Timeout (secs): Set the timeout for an authentication request. If no response is given in this period after the AC device forwards an authentication request to the LDAP server, it is deemed as an authentication failure. If the network between the Network Secure device and the LDAP server is slow, you can prolong the timeout period (e.g., 10 seconds).
Base DN: Specify the starting point of the domain search path, which determines the effective range of the LDAP rule. If a user is outside the specified Base DN, external server authentication does not apply to that user and the configured policy has no effect for them. Base DN can therefore be used to separate the scopes of different administrators.
Sync Options:
Type: MS Active Directory, Open LDAP, SUN LDAP, IBM LDAP, Other LDAP.
Anonymous Search: Available if the LDAP server supports anonymous search.
Admin DN: The Network Secure device uses this account to access the LDAP server to search for and synchronize LAN user accounts.
Password: Password of the domain user account given as the Admin DN.
User/Group Attribute: Specify the attribute that uniquely identifies a user on the LDAP server. For example, on an AD domain the user identifier is the "sAMAccountName" attribute; on Novell LDAP it is the UID.
Group: Specify the user filter condition for the LDAP server, which determines whether a node is a user. For example, in an AD domain "(|(objectClass=user)(objectClass=person))" can be used to decide whether a node is a user.
Search Settings:
Paged Search: Search the LDAP server using the paged results extension. It is suggested that the default configuration be retained.
Page Size: The number of entries returned per page when paging. 0 indicates no limit. It is suggested that the default configuration be retained.
Size Limit: Limits the number of entries returned during LDAP synchronization. It is suggested that the default configuration be retained.
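The Base DN, Anonymous Search / Admin DN, user filter and paging options above interact in ways that are easier to see with data than with prose. The following is an added example, not code from the product manual or its vendor: an in-memory model that applies those same settings to a constructed directory tree (all DNs, account names and the service-account password are made up). It shows that an entry outside the Base DN is never returned even when it matches the filter, that the AD filter `(|(objectClass=user)(objectClass=person))` excludes computer objects, how `&`, `|` and `!` filters are evaluated, and how Page Size splits the result (0 meaning one unlimited page). It talks to no LDAP server.

```python
# Added example (not part of the product manual): an in-memory model of how the
# LDAP options interact. It talks to no server; a constructed directory of
# entries stands in for the AD/LDAP tree so each setting's effect can be checked.
import re
from typing import Iterator

# Constructed directory: attribute names are lower-cased, values are lists.
DIRECTORY = [
    {"dn": "CN=alice,OU=Sales,DC=example,DC=com",
     "objectclass": ["top", "person", "user"], "samaccountname": ["alice"]},
    {"dn": "CN=bob,OU=Sales,DC=example,DC=com",
     "objectclass": ["top", "person", "user"], "samaccountname": ["bob"]},
    {"dn": "CN=carol,OU=IT,DC=example,DC=com",
     "objectclass": ["top", "person", "user"], "samaccountname": ["carol"]},
    {"dn": "CN=printer1,OU=Sales,DC=example,DC=com",       # not a user object
     "objectclass": ["top", "computer"], "samaccountname": ["printer1$"]},
    {"dn": "CN=dave,OU=Sales,DC=other,DC=com",             # outside the Base DN
     "objectclass": ["top", "person", "user"], "samaccountname": ["dave"]},
]
# Constructed bind table standing in for the Admin DN credential check.
BIND_TABLE = {"cn=svc-ac,ou=service,dc=example,dc=com": "constructed-password"}

def normalize_dn(dn: str) -> str:
    """Canonicalise a DN so 'OU=Sales, DC=example' and 'ou=sales,dc=example' compare equal."""
    return ",".join(re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in dn.split(","))

def in_base_dn(entry_dn: str, base_dn: str) -> bool:
    """Base DN scoping: the entry's DN must end with the Base DN on an RDN boundary."""
    e, b = normalize_dn(entry_dn).split(","), normalize_dn(base_dn).split(",")
    return len(e) >= len(b) and e[-len(b):] == b

def bind(admin_dn: str, password: str, anonymous: bool, server_allows_anonymous: bool) -> bool:
    """Model of the Anonymous Search / Admin DN choice: anonymous search only works if
    the server permits it; otherwise the Admin DN credentials must verify."""
    if anonymous:
        return server_allows_anonymous
    return BIND_TABLE.get(normalize_dn(admin_dn)) == password

def parse_filter(text: str):
    """Parse the RFC 4515 subset used in the Group field: &, |, ! and attr=value."""
    pos = 0

    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        op = text[pos]
        if op in "&|!":
            pos += 1
            subs = []
            while pos < len(text) and text[pos] == "(":
                subs.append(parse())
            if op == "!" and len(subs) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            if pos >= len(text) or text[pos] != ")":
                raise ValueError(f"expected ')' at offset {pos}")
            pos += 1
            return (op, subs)
        end = text.index(")", pos)
        attr, sep, value = text[pos:end].partition("=")
        if not sep:
            raise ValueError("only equality items are supported")
        pos = end + 1
        return ("=", attr.strip().lower(), value.strip())

    node = parse()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one entry; '*' in a value is a wildcard."""
    op = node[0]
    if op == "&":
        return all(matches(s, entry) for s in node[1])
    if op == "|":
        return any(matches(s, entry) for s in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    pattern = re.escape(value).replace(r"\*", ".*")
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in entry.get(attr, []))

def paged_search(base_dn: str, filter_text: str, user_attr: str, page_size: int) -> Iterator[list]:
    """Return the user identifiers in pages; page_size 0 means one unlimited page."""
    node = parse_filter(filter_text)
    hits = [e[user_attr.lower()][0] for e in DIRECTORY
            if in_base_dn(e["dn"], base_dn) and matches(node, e)]
    if page_size <= 0:
        yield hits
        return
    for i in range(0, len(hits), page_size):
        yield hits[i:i + page_size]

if __name__ == "__main__":
    ad_filter = "(|(objectClass=user)(objectClass=person))"
    print(bind("CN=svc-ac,OU=Service,DC=example,DC=com", "constructed-password", False, False))
    print(list(paged_search("OU=Sales,DC=example,DC=com", ad_filter, "sAMAccountName", 1)))
    print(list(paged_search("DC=example,DC=com", ad_filter, "sAMAccountName", 0)))
```

Narrowing the Base DN to `OU=Sales,DC=example,DC=com` drops carol (another OU) and dave (another domain) even though both match the filter, which is the scoping behaviour the Base DN description relies on; the filter alone is what keeps the computer object out.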
6.6.3.3.1.2 RADIUS Server
On the Policies > Authentication > User Authentication > External Auth Server page, click Add and select RADIUS Server. In the Add RADIUS Server dialog box, enter the name of the server.
Name: Set the name of the RADIUS server.
IP Address: Fill in the IP address of the RADIUS server.
Port: Set the authentication port of the RADIUS server, which is 1812 by default.
Timeout (secs): Set the timeout for an authentication request.
Shared Key: Set the key agreed with the RADIUS server.
Protocol: Set the RADIUS negotiation protocol. The options are the non-encrypted protocol PAP, the Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP, Microsoft CHAP2, and EAP_MD5.
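To make the Shared Key and the "non-encrypted protocol PAP" wording concrete, the following is an added example, not code from the product manual or its vendor. It assembles the RADIUS Access-Request the AC would send for the PAP option (RFC 2865 packet layout, with the User-Password attribute hidden using the shared key as section 5.2 specifies) and checks the Response Authenticator on the server's reply. The shared key, user name, password and NAS address are constructed placeholders. The point for a practitioner: PAP hiding is an MD5-based XOR stream keyed only by the shared key and the 16-byte Request Authenticator, so the shared key, not the protocol, is what protects the password on the wire, and the same key is what lets the AC reject a forged or replayed Access-Accept.

```python
# Added example (not from the product manual): RADIUS Access-Request with the
# RFC 2865 User-Password hiding used for PAP, plus Response Authenticator check.
# All values (secret, user, password, NAS address) are constructed placeholders.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous ciphertext block), seeding with the Request Authenticator.
    This is obfuscation keyed by the shared key, not encryption."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += block
        prev = block
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the server performs it; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        b = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(block, b))
        prev = block
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    """Type | Length | Value; Length counts the two header bytes."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(identifier: int, username: str, password: str, secret: bytes,
                         nas_ip: str, authenticator: bytes = b"") -> tuple:
    """Code | Identifier | Length | Request Authenticator (16 random bytes) | Attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attribute(ATTR_USER_NAME, username.encode())
             + attribute(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
             + attribute(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs, authenticator

def parse_attributes(packet: bytes) -> dict:
    """Server-side view: walk the TLV list after the 20-byte header."""
    attrs, pos = {}, 20
    while pos < len(packet):
        t, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[t] = packet[pos + 2:pos + length]
        pos += length
    return attrs

def response_authenticator(code: int, identifier: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865 s3."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """The AC accepts a reply only if it is bound to its own Request Authenticator
    and to the shared key; wrong key or a reply to another request fails."""
    if len(packet) < 20:
        return False
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, identifier, packet[20:], request_auth, secret)
    return hmac.compare_digest(packet[4:20], expected)

if __name__ == "__main__":
    secret = b"constructed-shared-key"
    pkt, req_auth = build_access_request(7, "alice", "s3cret", secret, "10.0.0.1")
    attrs = parse_attributes(pkt)                       # what the server sees
    print(unhide_password(attrs[ATTR_USER_PASSWORD], secret, req_auth))
    accept = struct.pack("!BBH", ACCESS_ACCEPT, 7, 20) + \
        response_authenticator(ACCESS_ACCEPT, 7, b"", req_auth, secret)
    print(verify_response(accept, req_auth, secret))
```

The example only models the PAP choice; CHAP, Microsoft CHAP, Microsoft CHAP2 and EAP_MD5 use different attributes and challenge handling. Note that the Shared Key is the only secret in this exchange, so it deserves the same handling as any other credential, and the timeout setting above decides how long the AC waits for a reply that passes this check.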
6.6.3.3.1.3 POP3 Server
On the Policies > Authentication > User Authentication > External Auth Server page, click Add and select POP3 Server. In the Add POP3 Server dialog box, enter the name of the server.
POP3 server configuration:
IP Address: Enter the IP address of the POP3 server.
Port: Enter the number of the authentication port.
Timeout (secs): Set the timeout for an authentication request.